The ugly truth is that your organization has either been the victim of a recent cyber security breach, or it will be. Despite spending billions on cyber security – $75 billion last year, growing to $170 billion by 2020 – the bad guys appear to be winning. “Breach is the new normal,” said Christina Richmond, program director for security services at IDC.
Whether the source is hackers, organized crime, rogue states, or disgruntled and/or careless employees, and whether the means is accident, malware, zero-day attacks, drive-by downloads, watering hole attacks, or denial-of-service and distributed denial-of-service (DoS/DDoS) attacks, the evidence of the escalating threat environment is everywhere:
- 89% of breaches had a financial or espionage motive
- In 93% of cases, it took attackers minutes or less to compromise systems, and data exfiltration occurred within minutes in 28% of the cases
- 70% of breaches involving insider misuse took months or years to discover
- 95% of all security breaches were caused by human error
- 55% increase in the number of spear-phishing campaigns in 2015
- 125% increase in the number of zero-day vulnerabilities discovered
- 100 million technical support scams were blocked
- 35% increase in crypto-ransomware as it spread beyond end users to hold businesses hostage
- 430 million new pieces of unique malware were discovered
- 75% of legitimate websites have unpatched vulnerabilities
- 9 mega breaches occurred in 2015
- A large business attacked once in 2015 was likely to be attacked 3 more times
- 50% of all targeted attacks were against small businesses
- 60% of all targeted attacks strike small and medium businesses
- The indirect costs associated with security breaches outweigh direct costs by nearly 2:1
The first step in bringing this escalating threat environment under control is to do a cyber security assessment. An assessment can provide a comprehensive overview of your environment, help you better understand how today’s real-world threats could affect your organization, and prioritize where you should focus resources to protect, detect, and react.
A basic cyber security assessment should mitigate risk, address compliance, evaluate your security team’s response capabilities and improve your overall security. Elements to be covered can include:
- Physical security
- Personal security
- Training and education
- Account and password management
- Critical or noncritical data control and protection
- Data loss prevention, detection, and mitigation
- Compliance and audit
- Disaster recovery
- Management oversight
- Written security policy and procedures
While eliminating all breaches is cyber security’s ultimate objective, followed closely by detecting and remediating all breaches that do crack an organization’s defenses, breaches will continue to occur. However, you can significantly reduce your level of risk by preparing your organization and your users – starting with a security risk assessment. That’s where a trusted partner like Connection and our industry-leading security solutions and services can help.
Our Security Practice can help create comprehensive security programs that leverage the latest technologies from our partners, including Cisco, Check Point, Core Security, Dell, Intel Security, Security Innovation, Sophos, Symantec, Trend Micro, and VMware. We can help you discover deficiencies in your security environment and provide the insights and guidance you need to reduce your overall risk and mitigate problems.